package com.microsoft.identity.common.internal.platform;

import android.content.Context;
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import com.microsoft.identity.common.components.AndroidPlatformComponentsFactory;
import com.microsoft.identity.common.java.crypto.CryptoSuite;
import com.microsoft.identity.common.java.crypto.IDevicePopManager;
import com.microsoft.identity.common.java.crypto.IKeyAccessor;
import com.microsoft.identity.common.java.crypto.IKeyStoreKeyManager;
import com.microsoft.identity.common.java.crypto.RawKeyAccessor;
import com.microsoft.identity.common.java.crypto.SecureHardwareState;
import com.microsoft.identity.common.java.crypto.SigningAlgorithm;
import com.microsoft.identity.common.java.crypto.key.AES256KeyLoader;
import java.nio.charset.Charset;
import java.security.KeyStore;
import java.security.ProviderException;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.util.UUID;
import javax.crypto.KeyGenerator;

/* loaded from: classes4.dex */
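/**
 * Static factories for {@link IKeyAccessor} instances backed by the "AndroidKeyStore" provider,
 * plus one path that produces a raw, in-memory key.
 *
 * <p>Asymmetric keys are reached through an {@link IDevicePopManager}; symmetric keys are
 * generated straight into the keystore, or as raw bytes when the caller asks for that.
 *
 * <p>NOTE(review): {@code KeyStore.getInstance}, {@code KeyStore.load},
 * {@code KeyGenerator.getInstance} and {@code KeyGenerator.init} declare checked exceptions, yet
 * no method in this listing declares or catches them. The {@code throws} clauses were presumably
 * lost when the class was decompiled and must be restored before this compiles.
 */
public class AndroidKeyStoreAccessor {
    private static final String ANDROID_KEYSTORE = "AndroidKeyStore";

    // Purpose mask handed to KeyGenParameterSpec.Builder: 7 == 1 | 2 | 4, the values of
    // KeyProperties.PURPOSE_ENCRYPT, PURPOSE_DECRYPT and PURPOSE_SIGN.
    // NOTE(review): the accessor returned for keys generated with this mask throws on sign() and
    // verify(), so confirm the sign purpose is really needed; a narrower mask is least privilege.
    private static final int KEY_PURPOSES = 7;

    public static final Charset UTF8 = Charset.forName("UTF-8");

    /**
     * Returns an accessor for the key stored under an existing alias.
     *
     * <p>When the suite's cipher is an {@link IDevicePopManager.Cipher} the alias is treated as an
     * asymmetric key. If no such key exists yet, one is generated, so an unknown or mistyped alias
     * yields a fresh key rather than an error. Otherwise the alias is treated as a secret key whose
     * accessor refuses {@code sign} and {@code verify}.
     *
     * @param context     Android context used to obtain the platform components
     * @param str         the keystore alias
     * @param cryptoSuite the suite whose cipher decides between the two paths
     * @return an accessor bound to the alias
     */
    public static IKeyAccessor forAlias(Context context, String str, CryptoSuite cryptoSuite) {
        IDevicePopManager popManager = AndroidPlatformComponentsFactory.createFromContext(context).getDevicePopManager(str);
        if (cryptoSuite.cipher() instanceof IDevicePopManager.Cipher) {
            if (!popManager.asymmetricKeyExists()) {
                popManager.generateAsymmetricKey();
            }
            return getKeyAccessor((IDevicePopManager.Cipher) cryptoSuite.cipher(), cryptoSuite.signingAlgorithm(), popManager);
        }
        // NOTE(review): unlike the symmetric newInstance below, this KeyStore is never load()ed in
        // this method; confirm AndroidDeviceKeyManager loads it before first use.
        return new AndroidSecretKeyAccessor(new AndroidDeviceKeyManager(KeyStore.getInstance(ANDROID_KEYSTORE), str), cryptoSuite) {
            @Override
            public byte[] sign(byte[] bArr) {
                throw new UnsupportedOperationException("This key instance does not support signing");
            }

            @Override
            public boolean verify(byte[] bArr, byte[] bArr2) {
                throw new UnsupportedOperationException("This key instance does not support verification");
            }
        };
    }

    /**
     * Wraps a device PoP manager in an {@link IKeyAccessor}, fixing the cipher and signing
     * algorithm used for every call.
     *
     * <p>Every operation delegates to the captured {@code iDevicePopManager} parameter. The listing
     * previously spelled these calls as {@code IDevicePopManager.this.x(...)}, which is not valid
     * Java because {@code IDevicePopManager} is not an enclosing class of the anonymous accessor.
     *
     * @param cipher            cipher passed to encrypt and decrypt
     * @param signingAlgorithm  algorithm passed to sign and verify
     * @param iDevicePopManager manager that owns the asymmetric key
     * @return an accessor that forwards to the manager; key derivation is unsupported
     */
    private static IKeyAccessor getKeyAccessor(final IDevicePopManager.Cipher cipher, final SigningAlgorithm signingAlgorithm, final IDevicePopManager iDevicePopManager) {
        return new AsymmetricKeyAccessor() {
            @Override
            public byte[] decrypt(byte[] bArr) {
                return iDevicePopManager.decrypt(cipher, bArr);
            }

            @Override
            public byte[] encrypt(byte[] bArr) {
                return iDevicePopManager.encrypt(cipher, bArr);
            }

            @Override
            public IKeyAccessor generateDerivedKey(byte[] bArr, byte[] bArr2, CryptoSuite cryptoSuite) {
                throw new UnsupportedOperationException("This operation is not supported by asymmetric keys");
            }

            @Override
            public Certificate[] getCertificateChain() {
                return iDevicePopManager.getCertificateChain();
            }

            @Override
            public IKeyStoreKeyManager<KeyStore.PrivateKeyEntry> getManager() {
                return iDevicePopManager.getKeyManager();
            }

            @Override
            public String getPublicKey(IDevicePopManager.PublicKeyFormat publicKeyFormat) {
                return iDevicePopManager.getPublicKey(publicKeyFormat);
            }

            @Override
            public PublicKey getPublicKey() {
                return iDevicePopManager.getPublicKey();
            }

            @Override
            public SecureHardwareState getSecureHardwareState() {
                return iDevicePopManager.getSecureHardwareState();
            }

            @Override
            public byte[] getThumbprint() {
                return iDevicePopManager.getAsymmetricKeyThumbprint().getBytes(AndroidKeyStoreAccessor.UTF8);
            }

            @Override
            public byte[] sign(byte[] bArr) {
                return iDevicePopManager.sign(signingAlgorithm, bArr);
            }

            @Override
            public boolean verify(byte[] bArr, byte[] bArr2) {
                return iDevicePopManager.verify(signingAlgorithm, bArr, bArr2);
            }
        };
    }

    /**
     * Placeholder for importing a symmetric key; it always throws.
     *
     * @throws UnsupportedOperationException on every call
     */
    public static IKeyAccessor importSymmetricKey(Context context, SymmetricCipher symmetricCipher, String str, String str2, IKeyAccessor iKeyAccessor) {
        throw new UnsupportedOperationException("This operation is not yet supported");
    }

    /**
     * Generates a new asymmetric key under a random UUID alias and returns an accessor for it.
     *
     * @param context          Android context used to obtain the platform components
     * @param cipher           cipher the accessor uses for encrypt and decrypt
     * @param signingAlgorithm algorithm the accessor uses for sign and verify
     * @return an accessor bound to the freshly generated key
     */
    public static IKeyAccessor newInstance(Context context, IDevicePopManager.Cipher cipher, SigningAlgorithm signingAlgorithm) {
        IDevicePopManager popManager = AndroidPlatformComponentsFactory.createFromContext(context).getDevicePopManager(UUID.randomUUID().toString());
        popManager.generateAsymmetricKey();
        return getKeyAccessor(cipher, signingAlgorithm, popManager);
    }

    /**
     * Generates a new symmetric key under a random UUID alias.
     *
     * <p>With {@code z} set, the key comes from the default {@link KeyGenerator} provider and its
     * encoded bytes are handed to a {@link RawKeyAccessor}. That key material lives in process
     * memory and gets none of the keystore's protection, so use this path only where raw access
     * is required.
     *
     * <p>Otherwise the key is generated inside the "AndroidKeyStore" provider. On API 28 and later
     * a StrongBox-backed key is tried first. If the provider reports StrongBox as unavailable, the
     * method falls back to a non-StrongBox key without telling the caller, so code that depends
     * on StrongBox must verify the resulting key's hardware backing itself.
     *
     * @param symmetricCipher supplies the key size and an ALGORITHM/MODE/PADDING transformation
     * @param z               {@code true} to return a raw key held outside the keystore
     * @return an accessor for the new key; the keystore-backed accessor refuses sign and verify
     * @throws IllegalArgumentException if the transformation name has fewer than three parts
     */
    public static IKeyAccessor newInstance(SymmetricCipher symmetricCipher, boolean z) {
        String alias = UUID.randomUUID().toString();
        if (z) {
            KeyGenerator rawGenerator = KeyGenerator.getInstance(AES256KeyLoader.AES_ALGORITHM);
            rawGenerator.init(symmetricCipher.mKeySize);
            return RawKeyAccessor.builder().suite(symmetricCipher).key(rawGenerator.generateKey().getEncoded()).alias(alias).build();
        }
        KeyStore keyStore = KeyStore.getInstance(ANDROID_KEYSTORE);
        keyStore.load(null);
        String transformationName = symmetricCipher.cipher().name();
        String[] transformation = transformationName.split("/");
        // Fail with a clear message before any key is generated, not with an index error later.
        if (transformation.length < 3) {
            throw new IllegalArgumentException("Expected an ALGORITHM/MODE/PADDING transformation but got: " + transformationName);
        }
        KeyGenerator generator = KeyGenerator.getInstance(transformation[0], ANDROID_KEYSTORE);
        boolean generated = false;
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) {
            try {
                generator.init(buildKeySpec(alias, symmetricCipher, transformation, true));
                generator.generateKey();
                generated = true;
            } catch (ProviderException e) {
                // Matched by simple name, presumably so the API 28 exception class is never
                // referenced on older platform levels. Any other provider failure propagates.
                if (!e.getClass().getSimpleName().equals("StrongBoxUnavailableException")) {
                    throw e;
                }
            }
        }
        if (!generated) {
            // Reached on pre-28 devices, or after StrongBox was reported as unavailable.
            generator.init(buildKeySpec(alias, symmetricCipher, transformation, false));
            generator.generateKey();
        }
        return new AndroidSecretKeyAccessor(new AndroidDeviceKeyManager(keyStore, alias), symmetricCipher) {
            @Override
            public byte[] sign(byte[] bArr) {
                throw new UnsupportedOperationException("This key instance does not support signing");
            }

            @Override
            public boolean verify(byte[] bArr, byte[] bArr2) {
                throw new UnsupportedOperationException("This key instance does not support verification");
            }
        };
    }

    /** Builds the generation spec for a keystore-held symmetric key, optionally requesting StrongBox. */
    private static KeyGenParameterSpec buildKeySpec(String alias, SymmetricCipher symmetricCipher, String[] transformation, boolean strongBox) {
        KeyGenParameterSpec.Builder builder = new KeyGenParameterSpec.Builder(alias, KEY_PURPOSES);
        if (strongBox) {
            builder.setIsStrongBoxBacked(true);
        }
        return builder
                .setKeySize(symmetricCipher.keySize())
                .setBlockModes(transformation[1])
                .setEncryptionPaddings(transformation[2])
                .build();
    }
}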
